In short. Its finally happened peoples. lol I HAVE BEEN HACKED ! 
I first became suspicious 2-4 days ago, then decided to test it out with some CANNdy flavoured bait.
200 CANN wasn't enough but 3200 WAS ! lol
TXid : cd276e4d9619e5e201e60ded1c438bf3d2a5c52f6c4a7bea595d3c213327eb41
EDIT : https://chainz.cryptoid.info/cann/address.dws?CTSFTDzKSonarDJgpuRxukPrECXrby1eSe.htm
I woke up and noticed that my email account was up and the new/temp password from Polo or Ccex was selected and thought "WTF !!".
I did not request the password resets.
Check the processes with taskmanager and you will see the client is running as service.exe*32 and/or crcss.exe*32 and/or some other name. Right click the process and choose "open file location" when you are ready to delete it.
If deleted, it will rewrite itself to the program files(x86) folder after the system is rebooted.
The file responsible for this was found in one of the user's temp/Windows Live/ ID folders. EDIT This stopped after I disabled then deleted service.exe (and everything else) from the temp folder.
Terminating one of those .exe*32 processes caused my right to automatically reboot.
Congrats asshole(s) !
Please step forward so that the world may know your inbred shitcoin stained face !
I first became suspicious 2-4 days ago, then decided to test it out with some CANNdy flavoured bait.
200 CANN wasn't enough but 3200 WAS ! lol
TXid : cd276e4d9619e5e201e60ded1c438bf3d2a5c52f6c4a7bea595d3c213327eb41
EDIT : https://chainz.cryptoid.info/cann/address.dws?CTSFTDzKSonarDJgpuRxukPrECXrby1eSe.htm
I woke up and noticed that my email account was up and the new/temp password from Polo or Ccex was selected and thought "WTF !!".
I did not request the password resets.
Check the processes with taskmanager and you will see the client is running as service.exe*32 and/or crcss.exe*32 and/or some other name. Right click the process and choose "open file location" when you are ready to delete it.
If deleted, it will rewrite itself to the program files(x86) folder after the system is rebooted.
The file responsible for this was found in one of the user's temp/Windows Live/ ID folders. EDIT This stopped after I disabled then deleted service.exe (and everything else) from the temp folder.
Terminating one of those .exe*32 processes caused my right to automatically reboot.
Congrats asshole(s) !
Please step forward so that the world may know your inbred shitcoin stained face !
How did you managed NOT to get hacked before if you haven't use 2FA, Sandboxie or VM? Anyone who don't launch random wallets in a controlled Sandboxie, VM or on a remote machine with a throwaway OS is pretty much asking for getting hacked.
Who knows. I've often wondered that myself.
Just to be clear, the coins were taken from my freshly baited wallet and not from Polo, Ccex or Bter.
@all
While we're waiting for an explanation, please check your "program files(x86) and the youruser/appdata/local/TEMP folders.
